Infoblox ActiveTrust Datasheet
Summary
Infoblox ActiveTrust® proactively detects and prevents cyberthreats. ActiveTrust bundles Infoblox DNS Firewall, Infoblox Threat
Insight in the Cloud, Infoblox Threat Intelligence Data Exchange (TIDE), and Infoblox Dossier. The solution prevents data
exfiltration and malware command-and-control (C&C) communications via DNS, centrally aggregates curated internal and external
threat intelligence, distributes validated threat data to the customer’s security ecosystem for remediation, and enables rapid
investigation to identify context and prioritize threats.
Infoblox Threat Intelligence Data Exchange (TIDE) leverages highly accurate machine-readable threat intelligence (MRTI) data
to aggregate and selectively distribute data across a broad range of security infrastructure. Our threat intelligence team curates,
normalizes, and refines the high-quality threat data to minimize false positives. Our threat feeds begin with information gained from
native investigations and harvesting techniques. We then combine them with verified and observed data from trusted partners including
government agencies, academic institutions, several premier Internet infrastructure providers, and law enforcement. The end result is a
highly refined feed with a very low historical false-positive rate.
Infoblox Dossier threat indicator investigation provides rich threat context to prioritize incidents and respond quickly.
Feature | ActiveTrust Standard | ActiveTrust Plus | ActiveTrust Advanced
--- | --- | --- | ---
Infoblox DNS Firewall Zones (RPZs) | Standard (4) | Standard (4) + Advanced (7) + SURBL (2) | Standard (4) + Advanced (13) + SURBL (2)
Infoblox Threat Insight in the Cloud | Not available | Included | Included
Infoblox Data via Threat Intelligence Data Exchange | Not available | One of: Hostnames, IP Addresses, URLs | All of: Hostnames, IP Addresses, URLs
Hardware Requirements
If you intend to use Infoblox DNS Firewall for RPZ-based policy enforcement, you need to buy:
One or more Infoblox Trinzic (physical) or vNIOS (virtual) appliances with DNS with recursion enabled.
Trinzic models:
IB Series: IB-800, IB-1400, IB-2200, IB-4000, and IB-4030
PT Series: PT-1400/1405, PT-2200/2205, and PT-4000
TE Series (physical and virtual appliances): TE-100, TE-810/815/820/825, TE-1410/1415/1420/1425,
TE-2210/2215/2220/2225, and TR-4010/TR-4010-10GE
Software Requirements
• If you want Threat Insight in the Cloud, then you can purchase either an ActiveTrust Plus or ActiveTrust Advanced
license. If you will NOT deploy ActiveTrust threat intelligence data on third-party infrastructure, then buy an
ActiveTrust Standard license, which is based on the Trinzic appliance models.
• If you intend to deploy ActiveTrust threat intelligence data on third-party infrastructure (e.g. next-generation
firewall, SIEM, Web proxy), then you can buy either an ActiveTrust Plus or ActiveTrust Advanced license. The
license is based on the total number of protected users organization-wide (Grid-wide license). The two products
vary based on the number of data sets that can be applied and the total number of annual Dossier threat indicator
queries that can be transacted.
Optional Services
• Infoblox Threat Insight (on premises) for protection against DNS tunneling and sophisticated data exfiltration
techniques is available as a separate standalone option for purchase for all AT customers.
- Note: This only works on the following Infoblox models: PT-1405, TE-1415/V1415, TE-1425/V1425,
TE-2210/v2210, 2215/v2215, TE-2220/v2220, 2225/v2225, PT-2200, PT-2205, IB-4010/v4010, V4015,
TE-V4010/V4015, PT-4000, IB-4030-DCAGRID-AC/DC, IB-4030-DCAGRID-T1-AC/DC,
IB-4030-DCAGRID-T2-AC/DC, and IB-4030-DCAGRID-T3-AC/DC.
• Infoblox Security Ecosystem license enables integration of Infoblox DNS RPZ/Firewall with third-party security
systems: FireEye, Qualys and threat intelligence platforms.
- ActiveTrust Standard customers can purchase if they want to perform threat investigation, since Dossier is
not bundled with ActiveTrust Standard.
- ActiveTrust Plus and ActiveTrust Advanced customers that need additional queries beyond what is provided
in the base product can also purchase this:
Note: The SURBL (an Infoblox premium threat intelligence data partner) OEM license is bundled with the ActiveTrust Plus and ActiveTrust Advanced
bundles for use by Infoblox DNS Firewall. The Infoblox ActiveTrust and SURBL data sets (Multi-domain and Multi Lite domain) are complementary
and if used together, can enable increased threat coverage. To learn more about the Infoblox threat intelligence data, please refer to the solution note
“Overview of Infoblox Threat Intelligence for ActiveTrust” on the Infoblox website.
Key Benefits
With Infoblox ActiveTrust, you get actionable network intelligence with flexible threat intelligence integrated into your DDI environment.
This enables you to proactively detect, investigate, prioritize, remediate, and prevent cyber threats.
Collect and Manage Curated Threat Intelligence from Internal and External Sources in a Single Platform
Infoblox TIDE enables you to aggregate, normalize, and manage internal and multiple third-party threat intelligence data in a single
location, preventing siloed and disjointed threat intel.
Improve Security Posture by Sharing Curated Threat Intelligence Data in Real Time with Security Ecosystems
Creating custom API data feeds built for specific use cases is quick and easy. Combine threat data from all your sources, use
contextual metadata to select the relevant subset, and leverage the right format such as JSON, STIX, CSV, CEF, and RPZ
to improve the security posture and situational awareness of your existing security ecosystem, such as NGFW, IPS, web proxy,
and SIEM.
Extend the Unique Visibility Infoblox Provides into DNS such as Indicators of Compromise (IoCs) to Other Security Systems
As the market-leading vendor of DDI, Infoblox provides unique visibility into DNS data that other vendors cannot match. DNS
data such as indicators of compromise (IoC) can be shared with other security systems such as vulnerability scanners (Qualys and
Rapid7) to kick off a scan when a new device comes on the network to determine whether it is malware infected.
Expedite Threat Investigation to Free Up Security Personnel and Provide Timely Access to Context for Threat Indicators
Use the Infoblox Dossier research tool as a single source of truth to rapidly understand the types of threats happening on your
network, where they are coming from, and the risks they pose to your organization, including understanding the data source, threat
severity, and priority. Gain insight into questionable activities related to inbound or outbound network communications. Furthermore,
quickly learn about and understand what a variety of trusted sources report about the indicator in question to improve the operational
efficiency of scarce security operations resources, saving you time and effort.
About Infoblox
Infoblox delivers Actionable Network Intelligence to enterprises, government agencies, and service providers around the world. As the industry
leader in DNS, DHCP, and IP address management (DDI), Infoblox provides control and security from the core—empowering thousands of
organizations to increase efficiency and visibility, reduce risk, and improve customer experience.
Corporate Headquarters: +1.408.986.4000 | 1.866.463.6256 (toll-free, U.S. and Canada) | www.infoblox.com